How severe is CVE-2020-1958?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-1958?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2020-1958 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user.

Related Vulnerabilities

CVE-2015-10040

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Han...

CWE-742015

CVE-2016-0881

MEDIUM

CVSS:6.5(Medium)

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository informatio...

CWE-742016

CVE-2016-10761

MEDIUM

CVSS:6.5(Medium)

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

CWE-742016

CVE-2016-6473

MEDIUM

CVSS:6.5(Medium)

A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCux...

CWE-742016

CVE-2017-8458

MEDIUM

CVSS:6.5(Medium)

Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example...

CWE-742017

CVE-2019-3498

MEDIUM

CVSS:6.5(Medium)

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defau...

CWE-742019